Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/I8M5WDYaoe-wq4eHYMq4mQZKRes.roa
File:                     I8M5WDYaoe-wq4eHYMq4mQZKRes.roa (raw, json)
Hash identifier:          WnBAYq6OjXgbdnups7BLOHUr35zKhPGYeQ68pzsdP4A=
Subject key identifier:   23:C3:39:58:36:1A:A1:EF:B0:AB:87:87:60:CA:B8:99:06:4A:45:EB
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C86F0B9C2554A4ABF2371AE46E8BC
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/I8M5WDYaoe-wq4eHYMq4mQZKRes.roa
Signing time:             Thu 02 Jan 2025 09:50:34 +0000
ROA not before:           Thu 02 Jan 2025 09:50:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203841
IP address blocks:        5.143.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:86:f0:b9:c2:55:4a:4a:bf:23:71:ae:46:e8:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23c33958361aa1efb0ab878760cab899064a45eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ec:f9:03:5c:db:7a:ae:68:e9:4c:5e:8f:1b:
                    45:01:27:ec:6a:94:70:ac:00:81:dc:82:2d:1d:a6:
                    8f:1d:ec:38:17:b4:a6:94:be:6e:f0:ed:7c:99:ea:
                    bf:95:de:20:c5:50:ed:39:a5:b2:57:45:d2:c2:07:
                    d0:11:df:6f:87:75:9d:af:ca:b7:0e:e1:87:69:69:
                    e9:8a:9b:db:fc:b2:84:a6:5a:b0:c5:d9:40:66:c0:
                    d9:00:f6:49:db:cc:f3:f5:a9:01:86:2b:a6:02:8b:
                    5a:5b:3e:39:3d:a4:16:34:a6:97:ac:bc:f0:2c:a5:
                    d8:03:e3:95:3e:bf:a7:71:fa:ca:fe:b4:b3:3a:94:
                    86:2c:f8:30:40:ff:8a:23:68:b0:27:04:ea:38:d4:
                    2a:5b:86:2c:7c:89:be:e4:b1:9d:22:85:23:ee:2f:
                    fe:3a:fa:79:1b:c4:2d:4b:ba:a5:b9:89:40:d2:77:
                    89:ee:dc:c3:c9:41:06:35:05:3b:a7:7b:75:52:20:
                    26:d2:25:32:20:9d:65:25:58:65:7a:3f:f9:30:1b:
                    08:c5:50:ae:a8:c4:03:9f:43:d2:80:7b:29:8b:c3:
                    80:40:43:c6:39:36:15:22:dd:1f:8c:69:9f:b4:24:
                    c5:2c:5d:9d:34:b3:42:40:93:09:33:47:c7:23:ac:
                    c5:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:C3:39:58:36:1A:A1:EF:B0:AB:87:87:60:CA:B8:99:06:4A:45:EB
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/I8M5WDYaoe-wq4eHYMq4mQZKRes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.143.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:b6:e2:f0:2e:50:53:2c:22:64:fd:a7:ef:11:47:6a:1c:ed:
         32:7e:14:c8:c4:82:1b:68:ab:f1:7b:80:5c:9a:73:4e:d2:45:
         2b:03:50:a9:c2:bd:56:14:e9:08:3e:78:d2:c5:93:a0:16:83:
         ed:24:79:09:e7:45:ed:fd:6c:a3:2e:27:96:8c:fd:b3:ef:ee:
         d3:9b:08:9c:5d:47:50:3e:f6:8e:07:ed:cd:6c:77:88:c6:a7:
         f1:61:bb:e7:e5:67:b8:6f:d4:e8:13:21:1b:09:f6:b0:75:dc:
         c4:58:b1:53:37:99:4a:1f:37:62:af:f6:68:5a:3e:f6:ab:c6:
         16:34:86:34:ce:de:a8:7e:dc:9a:60:f3:d6:90:d5:8e:d4:b2:
         f9:21:29:ba:0b:a4:6e:62:e2:87:d6:c4:09:87:d6:fb:3b:d4:
         ce:6b:59:44:fa:51:6c:94:8c:98:29:89:75:c2:02:be:32:e5:
         35:b8:b4:e6:fb:8a:b6:87:db:87:fb:3b:6b:5d:52:44:5b:85:
         6c:74:e0:c3:e2:23:a9:de:c7:94:c4:77:2f:db:5c:f1:66:08:
         6e:c3:56:22:b9:a6:a5:ad:88:67:96:5e:c7:b8:10:49:2f:dd:
         04:14:5b:1b:f3:1e:fd:35:91:75:a1:26:6e:b9:00:11:29:a5:
         b4:af:98:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbIbwucJVSkq/I3GuRui8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2MzMzk1ODM2MWFhMWVmYjBhYjg3ODc2MGNhYjg5OTA2NGE0NWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uz5A1zbeq5o6UxejxtFASfsapRw
rACB3IItHaaPHew4F7SmlL5u8O18meq/ld4gxVDtOaWyV0XSwgfQEd9vh3Wdr8q3
DuGHaWnpipvb/LKEplqwxdlAZsDZAPZJ28zz9akBhiumAotaWz45PaQWNKaXrLzw
LKXYA+OVPr+ncfrK/rSzOpSGLPgwQP+KI2iwJwTqONQqW4YsfIm+5LGdIoUj7i/+
Ovp5G8QtS7qluYlA0neJ7tzDyUEGNQU7p3t1UiAm0iUyIJ1lJVhlej/5MBsIxVCu
qMQDn0PSgHspi8OAQEPGOTYVIt0fjGmftCTFLF2dNLNCQJMJM0fHI6zF1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPDOVg2GqHvsKuHh2DKuJkGSkXrMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvSThNNVdEWWFvZS13cTRlSFlNcTRtUVpLUmVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABY/uMA0G
CSqGSIb3DQEBCwUAA4IBAQB8tuLwLlBTLCJk/afvEUdqHO0yfhTIxIIbaKvxe4Bc
mnNO0kUrA1Cpwr1WFOkIPnjSxZOgFoPtJHkJ50Xt/WyjLieWjP2z7+7TmwicXUdQ
PvaOB+3NbHeIxqfxYbvn5We4b9ToEyEbCfawddzEWLFTN5lKHzdir/ZoWj72q8YW
NIY0zt6oftyaYPPWkNWO1LL5ISm6C6RuYuKH1sQJh9b7O9TOa1lE+lFslIyYKYl1
wgK+MuU1uLTm+4q2h9uH+ztrXVJEW4VsdODD4iOp3seUxHcv21zxZghuw1Yiuaal
rYhnll7HuBBJL90EFFsb8x79NZF1oSZuuQARKaW0r5jb
-----END CERTIFICATE-----